The National Institute of Standards and Technology (NIST) today announced the first step in the development of a Cybersecurity Framework, which will be a set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks and computers that are vital to the nation’s economy, security and daily life.

… In accordance with the Executive Order, the Secretary of Commerce has directed the Director of NIST to lead the development of a framework to reduce cyber risks to critical infrastructure, such as power plants and financial, transportation and communications systems. NIST will issue a Request for Information from critical infrastructure owners and operators, federal agencies, state, local, territorial and tribal governments, standards-setting organizations, other members of industry, consumers, solution providers and other stakeholders….

Stakeholder meetings are also a part of the framework process. The first meeting will be held April 3 at NIST headquarters in Gaithersburg, Md. For more information on this workshop or to register, go to this NIST website.

In addition, I am aware of efforts by the National Association of State Chief Information Officers (NASCIO) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) to gather input in response to this NIST request. Whether these organizations will compile a combined RFI response from the states or simply encourage state and local governments to respond individually is not clear at this time.

I urge you and your organization or government to engage in this overall process. It is far too easy to complain about what is or what is not happening in Washington D.C. regarding cybersecurity. It is another matter entirely to be a part of the solution. This framework will provide an important piece to our roadmap over the next four-plus years, and we all need to get involved.

“Cybersecurity has become a hot topic recently, as information emerged about a series of cyber attacks on U.S. banks, Microsoft, the New York Times, the Wall Street Journal, Bloomberg, and many other companies. A detailed expert report confirmed that these attacks, and others, were the work of operatives working for China’s military intelligence services (see “Chinese government orchestrates cyberattacks on U.S.: experts,” HSNW, 19 February 2013).

The Hill reports that these attacks now have lawmakers concerned about more destructive attacks on water systems, financial institutions, transportation, utilities, and other critical infrastructure….

Senate Commerce Committee chairman Jay Rockefeller (D-West Virginia) said in a statement that the threat of a cyber attack is higher than ever, especially since the Congress failed to pass any cybersecurity legislation last year. “We simply cannot afford to wait any longer to adequately protect ourselves,” Rockefeller said in his statement….”

• Improves coordination in government, providing for a strategic plan to assess cybersecurity risk and guide the overall direction of federal cyber research and development.

• Updates the National Institute of Standards and Technology (NIST) responsibilities to develop security standards to harden our federal networks, and processes for agencies to follow.

• Establishes a federal-university-private-sector task force to coordinate research and development and improve training of cyber professionals.

• Continues much-needed cybersecurity research and development programs at the National Science Foundation and NIST.

Presidential Actions On Cyber This Week

Meanwhile, President Obama hosted an unprecedented meeting with CEOs this past week on cybersecurity threats facing our nation. The New York Times reported on the meeting that, “Mr. Obama wanted to hear directly from industry leaders about how vulnerable their companies were to computer attacks. The president also wanted to discuss efforts the government was taking to address threats.”

PRESIDENT BARACK OBAMA: Well, I think– you al– always have to be careful war analogies. Because, you know, there’s a big difference between– them engaging in cyber espionage or cyber attacks and– obviously– a hot war. What– is absolutely true– is that we have seen– a steady ramping up of cyber security threats. Some are state sponsored. Some are just sponsored by criminals. The–

GEORGE STEPHANOPOULOS: But some are state sponsored?

PRESIDENT BARACK OBAMA: Absolutely. And– and billions of dollars are lost to the consequences. You know, industrial secrets are stolen. Our companies are put into competitive disadvantage. You know, there are disruptions to our systems– that, you know, involve everything from our financial systems to some of our infrastructure.

And this is why I’ve taken some very aggressive executive actions. But we need Congress to act. We’ve put before Congress what exactly we need that will protect people’s privacy and civil liberties, but will also make sure that our overall system, both public and private, are protected from these kinds of attacks.

In conclusion, there is definitely a new sense of urgency around these cybersecurity matters. The topic of cyberdefense has now been elevated to the highest executive levels in the public and private sectors, entering the conversation alongside such topics as the national debt, the economy and North Korea.

State and local governments need to bring this same sense of urgency to their own cyber policies. Get involved.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Dan Lohrmann

Building effective virtual government requires new ideas, innovative thinking and hard work. From cybersecurity to cloud computing to mobile devices, Dan discusses what’s hot and what works in the world of gov tech.